Portability is a concern when using the fread() and fwrite() functions across multiple, heterogeneous systems.  In particular, it is never guaranteed that reading or writing of scalar data types such as integers, let alone aggregate types such as arrays or structures, will preserve the representation or value of the data. Different compilers use different amounts of padding. Different machines use various floating-point models and may use a different number of bits per byte. In addition, there is always the issue of endianness.
This noncompliant code example reads data from a file stream into a data structure.
```c
#include <stdio.h>

struct myData {
  char c;
  long l;
};
/* ... */
FILE *file;
struct myData data;
/* initialize file */
/* fread() returns the number of items read, so a short read is fewer than 1 item */
if (fread(&data, sizeof(struct myData), 1, file) < 1) {
  /* Handle error */
}
```
However, the code makes assumptions about the layout of myData, which may be represented differently on a different platform.
The best solution is to use either a text representation or a special library that ensures data integrity.
```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct myData {
  char c;
  long l;
};
/* ... */
FILE *file;
struct myData data;
char buf[25];
char *end_ptr;
/* initialize file */
/* A size of 2 lets fgets() store one character plus the terminating null;
   a size of 1 would store only the null and read nothing */
if (fgets(buf, 2, file) == NULL) {
  /* Handle error */
}
data.c = buf[0];
if (fgets(buf, sizeof(buf), file) == NULL) {
  /* Handle error */
}
errno = 0; /* strtol() sets errno only on overflow and never clears it */
data.l = strtol(buf, &end_ptr, 10);
if ((ERANGE == errno)
 || (end_ptr == buf)
 || ('\n' != *end_ptr && '\0' != *end_ptr)) {
  /* Handle error */
}
```
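The compliant solution above shows only the reading side. The following is an added example, not code from the CERT standard, that carries the same text-representation approach through a full write-and-read round trip of `struct myData`, with the `strtol()` validation factored into a reusable parser that also enforces a per-field value range. The helper names `write_record`, `parse_long_field`, `read_record`, `round_trip_ok` and `field_parses_to`, and the two-line record format (the `char` stored as its decimal code, the `long` in decimal), are this example's own assumptions.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

struct myData {
  char c;
  long l;
};

/* Assumed helper (not from the CERT page): write one record as two text
   lines, the char as its decimal code and the long in decimal. Storing c
   as a number rather than a raw byte keeps the record line-oriented even
   when c is '\n' or '\0'. Returns 0 on success, -1 on error. */
int write_record(FILE *file, const struct myData *data) {
  if (fprintf(file, "%d\n%ld\n", (int)(unsigned char)data->c, data->l) < 0) {
    return -1;
  }
  return 0;
}

/* Assumed helper: parse one full line as a long within [lo, hi].
   Returns 0 and stores the value on success, -1 on any defect. */
int parse_long_field(const char *buf, long lo, long hi, long *out) {
  char *end_ptr;
  long v;
  errno = 0; /* strtol() sets errno only on overflow and never clears it */
  v = strtol(buf, &end_ptr, 10);
  if ((ERANGE == errno)                          /* out of range for long */
      || (end_ptr == buf)                        /* no digits at all */
      || ('\n' != *end_ptr && '\0' != *end_ptr)  /* trailing junk */
      || (v < lo) || (v > hi)) {                 /* outside the field's range */
    return -1;
  }
  *out = v;
  return 0;
}

/* Assumed helper: read one record written by write_record(). */
int read_record(FILE *file, struct myData *data) {
  char buf[32]; /* sign, 20 digits, '\n' and '\0' fit on any platform */
  long v;
  if (fgets(buf, sizeof(buf), file) == NULL
      || parse_long_field(buf, 0, UCHAR_MAX, &v) != 0) {
    return -1;
  }
  data->c = (char)(unsigned char)v;
  if (fgets(buf, sizeof(buf), file) == NULL
      || parse_long_field(buf, LONG_MIN, LONG_MAX, &v) != 0) {
    return -1;
  }
  data->l = v;
  return 0;
}

/* Returns 1 if the record survives a write/read round trip through a
   temporary file unchanged, 0 otherwise. */
int round_trip_ok(char c, long l) {
  struct myData in = { c, l };
  struct myData out = { 0, 0 };
  FILE *file = tmpfile();
  int ok;
  if (file == NULL) {
    return 0;
  }
  ok = write_record(file, &in) == 0
       && fflush(file) == 0
       && fseek(file, 0L, SEEK_SET) == 0
       && read_record(file, &out) == 0
       && out.c == in.c && out.l == in.l;
  fclose(file);
  return ok;
}

/* Returns 1 if buf parses within [lo, hi] to exactly expect, 0 otherwise;
   used to exercise the parser on constructed good and bad lines. */
int field_parses_to(const char *buf, long lo, long hi, long expect) {
  long v;
  return parse_long_field(buf, lo, hi, &v) == 0 && v == expect;
}

int main(void) {
  /* constructed inputs: a normal record and an overlong digit string */
  printf("round trip: %d\n", round_trip_ok('A', 123456789L));
  printf("overflow rejected: %d\n",
         !field_parses_to("99999999999999999999999\n", LONG_MIN, LONG_MAX, 0L));
  return 0;
}
```

Two details carry the portability point: the record never depends on `sizeof(long)`, padding or byte order, so a file written on one machine parses on another, and every field is range-checked on the way in, so a value that does not fit the destination type is rejected instead of silently truncated.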
Reading binary data that has a different format than expected may result in unintended program behavior.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| FIO09-C | medium | probable | high | P4 | L3 | 
Compass/ROSE could flag possible violations of this rule by noting any pointer to struct that is passed to read(), as the NCCE demonstrates.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
This rule appears in the C++ Secure Coding Standard as FIO09-CPP. Be careful with binary data when transferring data across systems.